1. GENERAL

1.1 Within Norstedts Förlagsgrupp, we care about your personal privacy and always strive for a high level of data protection. This Privacy Policy explains how the company collects and uses the personal data of copyright holders and/or contractors. It describes your rights and how you can enforce them.

2. What is personal data and what is processing of personal data?

Personal data is all types of information that directly or indirectly relate to a physical person who is still alive. For example, images and sound recordings that are processed in a computer may be regarded as personal data, even if no names are mentioned. Encrypted data and different types of electronic identity (e.g. IP numbers) are regarded as personal data if they can be linked to natural persons.

Processing is everything that is done to personal data. Each measure taken using personal data constitutes processing, regardless of whether such measure is undertaken automatically or manually. Examples of common forms of processing include collection, registration, organisation, structuring, storage, processing, transfer and deletion.

3. PERSONAL DATA MANAGER

Norstedts Förlagsgrupp AB, corporate ID no. 556045-7748, is the Personal Data Manager for the processing of personal data carried out by Norstedts Förlagsgrupp. You can find information about how to contact us further down in this document.

4. WHEN DO WE COLLECT PERSONAL DATA?

4.1 Norstedts Förlagsgrupp collects personal data about you in the following context, e.g. if:

• you are the copyright holder (author or other) and we mutually intend to enter into an agreement, or have entered into an agreement with you for the management of your intellectual property rights
• you are a contractor and we mutually intend to enter into a contract of employment, or have entered into an agreement with you for participation in our production
• you register for any of our other services. However, in these contexts, we refer to the corresponding privacy policy: Norstedts Förlagsgrupp Privacy Policy

5. WHAT PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSE (WHY)?

5.1 For copyright holders

5.1.1 Purpose

To manage our relationship with you and manage your intellectual property rights.

5.1.2 Processing carried out

• Production of the work
• Publishing, marketing and distribution of the work with sales,
• Follow-up of sales and payment of remuneration for the work

5.1.3 Categories of personal data

• Name
• Personal ID number
• Contact details (address, e-mail and phone)
• Item information such as title, name, pictures
• Bank and account information

5.1.4 Legal basis

Completion of our related undertakings or in accordance with agreement.

5.1.5 Storage and deletion of personal data

We store your personal data for as long as the contractual relationship with us and the management of your rights lasts and up to a maximum of 6 months thereafter. After the end of the contract, we save ISBN information, name of the copyright holder and title (“article information”) in our list of the company’s published works. Copies of all agreements entered that are linked to a work, and, in some cases, also the correspondence that resulted in the production of that work are also filed for company history purposes and in the public interest for future research purposes in the company history archive at the Swedish Centre for Business History.

5.1.6 Contact for your privacy questions

For questions concerning privacy issues and personal data, get in touch with your contact person at the relevant publisher.

5.2 For contractors

5.2.1 Purpose

To be able to manage our relationship with you and your participation in our production process.

5.2.2 Processing carried out

• Production such as reading, proofreading, translation,
• Publishing, marketing and distribution of the work with sales,
• Payment of remuneration
• Production of the work
• Publishing, marketing and distribution of the work with sales,
• Follow-up of sales and payment of remuneration for the work

5.2.3 Categories of personal data

• Name
• Personal ID number
• Contact details (address, e-mail and phone)
• Item information such as title, name, pictures
• Bank and account information

5.2.4 Legal basis

Completion of our related undertakings or in accordance with agreement. If this information is not provided, our undertakings cannot be fulfilled and we may refuse entry into an agreement with us.

5.2.5 Storage and deletion of personal data

The storage period is as long as the duration of the agreement and a maximum of up to 6 months thereafter. To the extent a contractor is involved in the creation of the work, we also save ISBN information, name of the copyright holder/contractor and title of the work (“article information”) in our list of the company’s published works after the agreement has expired. Copies of all agreements entered that are linked to a work, and, in some cases, also the correspondence that resulted in the production of that work are also filed for company history purposes and in the public interest for future research purposes in the company history archive at the Swedish Centre for Business History.

5.2.6 Contact for your privacy questions

For questions concerning privacy issues and personal data, get in touch with your contact person at the relevant publisher.

6. DATA SECURITY AND PRIVACY

The security, privacy and confidentiality of your personal data is very important to us. We have implemented technical, administrative and physical security measures that are designed to protect your personal data from unauthorised disclosure, use and change. From time to time, we evaluate these measures in order to investigate whether additional measures are required or whether existing ones need updating. Please note that, despite taking all reasonable measures, there are no security measures that are 100% secure.

7. WHO MAY WE SHARE YOUR PERSONAL DATA WITH?

7.1 Norstedts Förlagsgrupp may disclose your personal data to group companies, partners and other third parties for the purpose of fulfilling the agreement with you or for the execution of agreements with Norstedts Förlagsgrupp's suppliers and partners, “personal data processor”, in areas such as IT, payments, marketing and distribution.

7.2 If personal data is disclosed to the personal data processor that process personal data on behalf of Norstedts Förlagsgrupp as described above, we will enter into an Data processing agreement with this party. We only engage the services of personal data processors that provide adequate guarantees that they will implement appropriate technical and organisational security measures.

7.3 When your personal data is shared with personal data processors, it is done solely for purposes that are compatible with the purposes for which we collected and processed the information (e.g. in order to be able to satisfy our undertakings).

7.4 Personal data may also be disclosed to independent personal data managers, e.g. a bank for payment of remuneration or if it is necessary in order to comply with applicable laws or requirements from authorities, to safeguard the legal interests of Norstedts Förlagsgrupp’s, or to detect, prevent or highlight instances of fraud and other security or technical problems. For this group, we do not enter into a personal data processor agreement as they control the processing of personal data in accordance with their own terms and privacy policies.

8. WHO MAY WE COLLECT YOUR PERSONAL DATA FROM?

In addition to the information you provide us with, or which we collect from you, we may also collect personal data from other sources (“third parties”). We may collect the following information from third parties:

• Address information from public registers in order to ensure that we have your correct address details,

If such information is collected, it falls within the framework of legal basis and storage period in accordance with the purposes described herein.

9. WHERE IS YOUR PERSONAL DATA PROCESSED?

9.1 We always strive to ensure that your personal data is processed within the EU/EEA, and that all our own IT systems are located within the EU/EEA. In the event of an exception from this, i.e. data is transferred to a “third country” outside the EU/EEA, the personal data processor may, as is the case with personal data processors based within the EU/EEA, only view information that is relevant to the purpose. We also ensure that a security level can be established as if the assistant were stationed within the EU/EEA.

9.2 Personal data may also be transferred to a “third country” in instances where rights to a work are sold onto another country. However, this only happens if an adequate level of security can be guaranteed or if appropriate security measures are implemented.

10. YOUR RIGHTS

10.1 You are entitled to have access to the personal data we have registered about you. You may, at no additional charge, receive information about what personal data Norstedts Förlagsgrupp processes about you and why. In addition, you are also entitled to have inaccurate, misleading or incomplete information corrected, anonymised or deleted. You are also entitle to request that we limit the processing of your personal data, object to the processing of personal data or object to the type of personal data processing we carry out. Please note, some of these rights only apply in specific situations, such as the right to transfer data to third parties, i.e. data portability and which only apply in instances where processing is based on an agreement or consent, and that processing is done automatically.

10.2 Should you require help with any of the above or about any other aspect pertaining to your personal data, please contact us via the contact routes provided for each purpose and we will assist you.

10.3 You are also entitled to refer to the supervisory authority at any time if you believe that your personal data is being processed by us in violation of applicable data protection legislation. In such instances, contact the Swedish Data Protection Authority. You can find the appropriate contact details here: www.datainspektionen.se

11. Exemptions from GDPR

The following personal data processing is exempt from the terms of the General Data Protection Regulation (GDPR):

• personal data that is directly included in and related to the literary works (article information, sources)
• personal data in connection with freedom of expression such as sources,
• processing that is essential for the sale of works (e.g. sharing of article information with third parties such as Bokinfo, distributors and retailers),
• processing that is essential for the distribution of the work (e.g. publication and marketing of the work on our websites/via newsletters/in book club member magazines).

The above is underpinned by the following:

• the relationship to freedom of the press and freedom of expression is regulated in Chapter 1, Section 7 of the Act (2018:218) with supplementary provisions to the EU’s General Data Protection Regulation (GDPR),
• in addition, the EU General Data Protection Regulation shall, in accordance with Chapter 1, Section 7 of GDPR and the Data Protection Act, not be applied to the extent that is contradicts freedom of the press or the provisions of the Swedish Fundamental Freedom of Expression Act,
• similarly, the Data Protection Act, articles 5-30 and 35-50 of the EU General Data Protection Regulation, as well as Chapters 2-5 shall not be applied where personal data is processed for journalistic purposes or for the creation of academic, artistic or literary works.

12. AMENDMENTS TO THE PRIVACY POLICY

This Privacy Policy may be adjusted from time to time. Should Norstedts Förlagsgrupp make any significant changes to the Privacy Policy, we will inform you before such changes come into force. The Privacy Policy will also be published on our websites:

www.norstedts.se

www.rabensjogren.se

www.wahlstroms.se

www.massolit.se

__________________

Last updated 21.05.2018/Norstedts Förlagsgrupp AB